23 package com.liferay.portal.servlet.filters.sso.opensso;
24
25 import com.liferay.portal.kernel.log.Log;
26 import com.liferay.portal.kernel.log.LogFactoryUtil;
27 import com.liferay.portal.kernel.util.GetterUtil;
28 import com.liferay.portal.kernel.util.Validator;
29 import com.liferay.portal.servlet.filters.BasePortalFilter;
30 import com.liferay.portal.util.PortalUtil;
31 import com.liferay.portal.util.PrefsPropsUtil;
32 import com.liferay.portal.util.PropsKeys;
33 import com.liferay.portal.util.PropsValues;
34
35 import javax.servlet.FilterChain;
36 import javax.servlet.http.HttpServletRequest;
37 import javax.servlet.http.HttpServletResponse;
38 import javax.servlet.http.HttpSession;
39
40
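/**
 * Servlet filter that ties portal requests to an OpenSSO session.
 *
 * <p>
 * For the company resolved from the request, the filter reads the OpenSSO
 * enabled flag and the login, logout and service URLs. When OpenSSO is
 * disabled or any URL is unset, the request is passed down the chain
 * untouched. Otherwise logout requests are redirected to the OpenSSO logout
 * URL, unauthenticated requests are redirected to the OpenSSO login URL, and
 * authenticated requests continue with the OpenSSO subject id recorded in the
 * HTTP session.
 * </p>
 */
public class OpenSSOFilter extends BasePortalFilter {

	/**
	 * Applies the OpenSSO checks to a single request.
	 *
	 * @param  request the incoming servlet request
	 * @param  response the servlet response, used for the login and logout
	 *         redirects
	 * @param  filterChain the remaining filter chain
	 * @throws Exception if reading the settings, redirecting or running the
	 *         rest of the chain fails
	 */
	protected void processFilter(
			HttpServletRequest request, HttpServletResponse response,
			FilterChain filterChain)
		throws Exception {

		long companyId = PortalUtil.getCompanyId(request);

		boolean enabled = PrefsPropsUtil.getBoolean(
			companyId, PropsKeys.OPEN_SSO_AUTH_ENABLED,
			PropsValues.OPEN_SSO_AUTH_ENABLED);
		String loginUrl = PrefsPropsUtil.getString(
			companyId, PropsKeys.OPEN_SSO_LOGIN_URL,
			PropsValues.OPEN_SSO_LOGIN_URL);
		String logoutUrl = PrefsPropsUtil.getString(
			companyId, PropsKeys.OPEN_SSO_LOGOUT_URL,
			PropsValues.OPEN_SSO_LOGOUT_URL);
		String serviceUrl = PrefsPropsUtil.getString(
			companyId, PropsKeys.OPEN_SSO_SERVICE_URL,
			PropsValues.OPEN_SSO_SERVICE_URL);

		// OpenSSO is off or only partly configured: this filter makes no
		// decision and hands the request to the rest of the chain.

		if (!enabled || Validator.isNull(loginUrl) ||
			Validator.isNull(logoutUrl) || Validator.isNull(serviceUrl)) {

			processFilter(OpenSSOFilter.class, request, response, filterChain);

			return;
		}

		String requestURI = GetterUtil.getString(request.getRequestURI());

		if (requestURI.endsWith("/portal/logout")) {

			// Only an existing session needs to be destroyed; asking for
			// getSession() here would create one just to invalidate it.

			HttpSession session = request.getSession(false);

			if (session != null) {
				session.invalidate();
			}

			response.sendRedirect(logoutUrl);

			return;
		}

		boolean authenticated = false;

		try {
			authenticated = OpenSSOUtil.isAuthenticated(request, serviceUrl);
		}
		catch (Exception e) {

			// The OpenSSO check itself failed. The error is logged and the
			// request continues down the chain without an SSO decision.
			// NOTE(review): nothing in this filter blocks the request in
			// this case, so later filters or the portal must still enforce
			// authentication - confirm this fail-open path is intended.

			_log.error(e, e);

			processFilter(OpenSSOFilter.class, request, response, filterChain);

			return;
		}

		if (!authenticated) {
			response.sendRedirect(loginUrl);

			return;
		}

		String newSubjectId = OpenSSOUtil.getSubjectId(request, serviceUrl);

		HttpSession session = request.getSession();

		String oldSubjectId = (String)session.getAttribute(_SUBJECT_ID_KEY);

		if (oldSubjectId == null) {

			// NOTE(review): the first binding of a subject reuses the
			// current session and does not rotate it - confirm the portal
			// login path regenerates the session id.

			session.setAttribute(_SUBJECT_ID_KEY, newSubjectId);
		}
		else if (!oldSubjectId.equals(newSubjectId)) {

			// The OpenSSO subject differs from the one this session was
			// bound to, so the old session is discarded and a fresh one is
			// bound to the new subject. The comparison is made on
			// oldSubjectId, which is non-null in this branch, so a null
			// newSubjectId cannot raise a NullPointerException.

			session.invalidate();

			session = request.getSession();

			session.setAttribute(_SUBJECT_ID_KEY, newSubjectId);
		}

		processFilter(OpenSSOFilter.class, request, response, filterChain);
	}

	/** Session attribute holding the OpenSSO subject id bound to the session. */
	private static final String _SUBJECT_ID_KEY = "open.sso.subject.id";

	private static final Log _log = LogFactoryUtil.getLog(OpenSSOFilter.class);

}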